diff --git a/iptables/handlers/main.yml b/iptables/handlers/main.yml
index 34f67fe5..1012da73 100644
--- a/iptables/handlers/main.yml
+++ b/iptables/handlers/main.yml
@@ -20,3 +20,6 @@
 command: /etc/init.d/iptables-persistent stop
 ignore_errors: true
+- name: Restart fail2ban after an iptables restart
+ service: name=fail2ban state=restarted enabled=yes
+ when: has_fail2ban
diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml
index 13d41cf3..a3290a0b 100644
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
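Review bot: The added handler in iptables/handlers/main.yml is gated on `has_fail2ban`, while the tasks hunk in iptables/tasks/main.yml drops that variable in favour of a stat of /usr/bin/fail2ban-server, so the two restart paths can disagree about whether fail2ban is present. The tasks hunk also both notifies this handler (`notify: Restart fail2ban after an iptables restart`) and restarts fail2ban inline, so where both gates are true the service is restarted twice, once right after the rules reload and again when handlers run. A rules reload presumably removes fail2ban's chains until the service comes back, so the immediate restart is the one that shortens the unprotected window. I would keep one path only: drop the four `notify:` lines, or drop the inline tasks and add `- meta: flush_handlers` right after the restart tasks. If the handler stays, gate it on the same check as the tasks, `when: fail2ban_installed.stat.exists`.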
@@ -61,39 +61,70 @@
 - name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks
 service: name=iptables-persistent state=restarted enabled=yes
- register: restart_related
+ register: restart_related_p
+ notify: Restart fail2ban after an iptables restart
 when: install_iptables_rules_precise is changed
 - name: Start the iptables service immediately after the new rules have been installed, on Ubuntu Trusty. This can have an impact on other tasks
 service: name=iptables-persistent state=restarted enabled=yes
- register: restart_related
+ register: restart_related_t
+ notify: Restart fail2ban after an iptables restart
 when: install_iptables_rules_trusty is changed
 - name: Start the iptables service immediately after the new rules have been installed, on Debian 7. This can have an impact on other tasks
 service: name=iptables-persistent state=restarted enabled=yes
- register: restart_related
+ register: restart_related_d7
+ notify: Restart fail2ban after an iptables restart
 when: install_iptables_rules_deb7 is changed
 - name: Start the netfilter service immediately after the new rules have been installed.
This can have an impact on other tasks
 service: name=netfilter-persistent state=restarted enabled=yes
- register: restart_related
+ register: restart_related_x
+ notify: Restart fail2ban after an iptables restart
 when: install_netfilter_rules is changed
- - name: Restart fail2ban after an iptables restart
+ - name: Check if the fail2ban service is present
+ stat: path=/usr/bin/fail2ban-server
+ register: fail2ban_installed
+
+ - name: Restart fail2ban after an iptables restart on Ubuntu Precise
 service: name=fail2ban state=restarted enabled=yes
 when:
- - has_fail2ban
- - restart_related is changed
+ - fail2ban_installed.stat.exists
+ - restart_related_p is changed
+
+ - name: Restart fail2ban after an iptables restart on Ubunt Trusty
+ service: name=fail2ban state=restarted enabled=yes
+ when:
+ - fail2ban_installed.stat.exists
+ - restart_related_t is changed
+
+ - name: Restart fail2ban after an iptables restart on debian 7
+ service: name=fail2ban state=restarted enabled=yes
+ when:
+ - fail2ban_installed.stat.exists
+ - restart_related_d7 is changed
+
+ - name: Restart fail2ban after an iptables restart on Ubuntu Xenial
+ service: name=fail2ban state=restarted enabled=yes
+ when:
+ - fail2ban_installed.stat.exists
+ - restart_related_x is changed
 - name: Check if the docker service is present
 stat: path=/usr/bin/dockerd
 register: dockerd_installed
- when: restart_related is changed
- - name: Restart docker after an iptables restart
+ - name: Restart docker after an iptables restart on Ubuntu Trusty
 service: name=docker state=restarted enabled=yes
 when:
 - dockerd_installed.stat.exists
- - restart_related is changed
+ - restart_related_t is changed
+
+ - name: Restart docker after an iptables restart on Ubuntu Xenial
+ service: name=docker state=restarted enabled=yes
+ when:
+ - dockerd_installed.stat.exists
+ - restart_related_x is changed
 tags: [ 'iptables', 'iptables_rules' ]
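Review bot: The four added `Restart fail2ban after an iptables restart on …` tasks differ only in the registered variable they test, and the copies have already drifted (`Ubunt Trusty`, lower-case `debian 7`). A single task whose `when:` ORs the four `restart_related_*` results would behave the same, because `is changed` is false for a skipped task's registered result. The Docker restart is written only for `restart_related_t` and `restart_related_x`, so a rules reload on Precise or Debian 7 would leave Docker's chains unrestored if Docker is installed there; presumably that is intentional, but a one-line comment saying so would help. The enclosing block, the one carrying `tags:`, starts outside the hunk.

```yaml
# … unchanged: the four iptables/netfilter restart tasks and the fail2ban stat check …
- name: Restart fail2ban after an iptables restart
  service: name=fail2ban state=restarted enabled=yes
  when:
    - fail2ban_installed.stat.exists
    - >-
      restart_related_p is changed or restart_related_t is changed or
      restart_related_d7 is changed or restart_related_x is changed
# … unchanged: docker stat check and docker restart tasks …
```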